The first thing it does is ask for your screen name and shows a bunch of ads of "How to get more Twitter followers". Ok, not the best ads, but moving on. You enter the screen name, then hit go. It looks up the name and gives an accurate date, but then it offers to tweet it for you. So you enter in your username and password. Wait a minute. That would be handing over your password to an unknown entity.

I did some initial investigation of the url. It's only been around two months and is hosted with a fairly dodgy source, a proxy hosting service. This is a private hosting so you can't see any info on the person/business who actually own the site. Hmmm. Usually, legit sites don't mind having that info available. I also notice it doesn't use the OAuth verification that many Twitter sites use to mean they are trying to be legit. Again, seems suspicious.

But how many people have willingly sacrificed their passwords by using such seemingly benign tools or links or applications? They seem totally harmless, don't they? Like I posted in my previous blog post here there's great value to malware authors to get that info. Now I'm not necessarily condemning this particular tool, this one may be totally innocent, but I feel compelled to warn people to not just blithely hand over their passwords. PLEASE think about what you are doing, even if it seems like it's harmless fun.

About the author

Beth Jones
Senior Threat Researcher, SophosLabs US
Beth manages the day-to-day research and analysis activities of incoming suspicious malware threats that arrive in SophosLabs via customers, partners and prospects. Beth has worked in Sophos's Boston lab for more than five years and brings nearly a decade of network security experience to Sophos.